On Fri, Nov 14, 2014 at 12:04 PM, Dimuthu Leelarathne <[email protected]> wrote:
> Hi all,
>
> We had a discussion with the Stratos team. The current meta data service
> cannot be used by us because it is a security threat. Because the Cartridge
> agent keeps username/password and these credentials are duplicated in all
> Cartridges. So if I write a PHP application to read the credentials the
> security of the meta data service is breached.
>

Yes, this will/must be fixed before Stratos 4.1.0 alpha (most probably next week).

> So for the release we have come up with this approach. Certain parts
> of the implementation can be donated to Stratos. And the OAuth layer in
> front of the dev registry is going to be Stratos MetaData service layer.
> WDYT?
>

+1 for donation. Anyway we (Stratos) have to implement this.

> https://creately.com/diagram/i296mkhn1/kguXC7mpUdJsUELKTcjbNrrT4%3D
>
> thanks,
> dimuthu
>
> On Thu, Nov 13, 2014 at 4:10 PM, Udara Liyanage <[email protected]> wrote:
>
>> Hi Sanjiva,
>>
>> The work of the local agent you mentioned is done by the cartridge agent
>> since it fetches the metadata and sets them as environment variables.
>>
>> Currently the metadataservice web app uses the registry in order to store values.
>> However when we implemented the metadata service we wanted to decouple it
>> from the registry so we can switch to any storage in future.
>> The intention of the metadata service is that it abstracts the storage
>> from metadata publishers and fetchers, so publishers can publish metadata
>> against the application Id. Then the dependent instances fetch the metadata
>> by providing the application id without knowing the underlying storage.
>>
>> Currently we use username/password based authentication, however we will
>> extend it to use OAuth so that dependent instances are able to fetch
>> metadata using a token.
>>
>> On Thu, Nov 13, 2014 at 3:02 PM, Sanjiva Weerawarana <[email protected]> wrote:
>>
>>> Why do we need another metadata service when the registry is there? That
>>> has an HTTP API so that's the service. What am I missing??
>>>
>>> The point about a local API was different: we can have the agent in the
>>> cartridge talk to the above HTTP API and expose a simple local API, with or
>>> without protection. That could even push environment variables out so that
>>> code can pull the values out directly. That's what Paul wanted to do a long
>>> time ago.
>>>
>>> Sanjiva.
>>>
>>> On Wed, Nov 12, 2014 at 6:49 AM, Udara Liyanage <[email protected]> wrote:
>>>
>>>> Hi,
>>>>
>>>> Username/password based validation is there in the metadata service. I
>>>> meant we have identified that we need to add OAuth based authentication.
>>>>
>>>> Touched, not typed. Erroneous words are a feature, not a typo.
>>>> On Nov 12, 2014 5:52 AM, "Selvaratnam Uthaiyashankar" <[email protected]> wrote:
>>>>
>>>>> So, the meta data service does not have any authentication? Means, I
>>>>> can write an application and override the configurations you are storing
>>>>> for your applications?
>>>>>
>>>>> On Sunday, November 9, 2014, Dimuthu Leelarathne <[email protected]> wrote:
>>>>>
>>>>>> Hi Udara,
>>>>>>
>>>>>> +1. Updated the diagram with suggested approach.
>>>>>>
>>>>>> thanks,
>>>>>> dimuthu
>>>>>>
>>>>>> On Sat, Nov 8, 2014 at 11:30 PM, Udara Liyanage <[email protected]> wrote:
>>>>>>
>>>>>>> On Sat, Nov 8, 2014 at 11:18 PM, Dimuthu Leelarathne <[email protected]> wrote:
>>>>>>>
>>>>>>>> Hi Sanjiva, Udara and all,
>>>>>>>>
>>>>>>>> If we are using PHP API we have to work out
>>>>>>>> Authentication/Authorization for Registry Rest API because it is not
>>>>>>>> possible to access it straightaway - could be OAuth. My other concern is
>>>>>>>> the nativeness of the approach. Would developers feel it is a natural way?
>>>>>>>>
>>>>>>>> yes we need to use OAuth, which is not yet used in metadata service.
>>>>>>>
>>>>>>>> As Udara suggested if there is a Metadata service in Stratos, we
>>>>>>>> can be using it. It would yield a more natural way to developers.
>>>>>>>> Isn't it?
>>>>>>>>
>>>>>>>
>>>>>>> When the agent exposes the values as environment variables, PHP
>>>>>>> developers can access the values as
>>>>>>>
>>>>>>> <?php
>>>>>>>
>>>>>>> $user=getenv('MYSQL_USER_NAME');
>>>>>>> $host=getenv('MYSQL_HOST');
>>>>>>> $pass=getenv('MYSQL_PASSWORD');
>>>>>>> $link = mysql_connect($host, $user, $pass)
>>>>>>>     or die('Could not connect: ' . mysql_error());
>>>>>>>
>>>>>>> ?>
>>>>>>>
>>>>>>>> It was Paul who suggested the file-system (or environment variable)
>>>>>>>> approach, sometime back.
>>>>>>>>
>>>>>>>> thanks,
>>>>>>>> dimuthu
>>>>>>>>
>>>>>>>> On Sat, Nov 8, 2014 at 11:05 PM, Sanjiva Weerawarana <[email protected]> wrote:
>>>>>>>>
>>>>>>>>> Dimuthu I don't understand .. why can't you continue to use the
>>>>>>>>> registry for these and just give a local API for PHP or whatever to get it
>>>>>>>>> from? We can simply have an agent in the cartridge that fronts the registry
>>>>>>>>> and then gives a local HTTP endpoint to get the data as name/value pairs.
>>>>>>>>>
>>>>>>>>> IIRC Paul suggested this many years ago.
>>>>>>>>>
>>>>>>>>> Sanjiva.
>>>>>>>>>
>>>>>>>>> On Sat, Nov 8, 2014 at 10:48 PM, Dimuthu Leelarathne <[email protected]> wrote:
>>>>>>>>>
>>>>>>>>>> Hi Udara,
>>>>>>>>>>
>>>>>>>>>> Is it available in the new version of Stratos?
>>>>>>>>>>
>>>>>>>>>> So when we write to Metadata service, how is my app supposed to
>>>>>>>>>> get it? Is it via environment variables?
>>>>>>>>>>
>>>>>>>>>> thanks,
>>>>>>>>>> dimuthu
>>>>>>>>>>
>>>>>>>>>> On Sat, Nov 8, 2014 at 10:45 PM, Udara Liyanage <[email protected]> wrote:
>>>>>>>>>>
>>>>>>>>>>> Hi Dimuthu,
>>>>>>>>>>>
>>>>>>>>>>> How about using a metadata service for this. Metadata service is
>>>>>>>>>>> a REST service where it provides APIs to publish and fetch key
>>>>>>>>>>> value/values pairs.
>>>>>>>>>>> This is already implemented in Stratos.
>>>>>>>>>>>
>>>>>>>>>>> So workflow is,
>>>>>>>>>>> Instead of writing to git, AF publishes to metadata service.
>>>>>>>>>>> Then cartridge agent fetches from the metadata service and exposes
>>>>>>>>>>> as env variable.
>>>>>>>>>>> I feel this is cleaner than committing to repo.
>>>>>>>>>>>
>>>>>>>>>>> On Nov 8, 2014 10:33 PM, "Dimuthu Leelarathne" <[email protected]> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> Hi all,
>>>>>>>>>>>>
>>>>>>>>>>>> For propagating resources (name-value pairs for Apps) to
>>>>>>>>>>>> non-carbon runtimes we need an approach. I have been thinking about the
>>>>>>>>>>>> possibilities and this came into my mind.
>>>>>>>>>>>>
>>>>>>>>>>>> https://creately.com/diagram/i296mkhn1/kguXC7mpUdJsUELKTcjbNrrT4%3D
>>>>>>>>>>>>
>>>>>>>>>>>> WDYT? Are there different suggestions? Or improvements?
>>>>>>>>>>>>
>>>>>>>>>>>> thanks,
>>>>>>>>>>>> dimuthu
>>>>>>>>>>>>
>>>>>>>>>>>> --
>>>>>>>>>>>> Dimuthu Leelarathne
>>>>>>>>>>>> Architect & Product Lead of App Factory
>>>>>>>>>>>>
>>>>>>>>>>>> WSO2, Inc. (http://wso2.com)
>>>>>>>>>>>> email: [email protected]
>>>>>>>>>>>> Mobile : 0773661935
>>>>>>>>>>>>
>>>>>>>>>>>> Lean . Enterprise . Middleware
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Sanjiva Weerawarana, Ph.D.
>>>>>>>>> Founder, Chairman & CEO; WSO2, Inc.; http://wso2.com/
>>>>>>>>> email: [email protected]; office: (+1 650 745 4499 | +94 11 214 5345) x5700;
>>>>>>>>> cell: +94 77 787 6880 | +1 408 466 5099; voip: +1 650 265 8311
>>>>>>>>> blog: http://sanjiva.weerawarana.org/; twitter: @sanjiva
>>>>>>>>> Lean . Enterprise . Middleware
>>>>>>>
>>>>>>> --
>>>>>>>
>>>>>>> Udara Liyanage
>>>>>>> Software Engineer
>>>>>>> WSO2, Inc.: http://wso2.com
>>>>>>> lean. enterprise. middleware
>>>>>>>
>>>>>>> web: http://udaraliyanage.wordpress.com
>>>>>>> phone: +94 71 443 6897
>>>>>
>>>>> --
>>>>> S.Uthaiyashankar
>>>>> VP Engineering
>>>>> WSO2 Inc.
>>>>> http://wso2.com/ - "lean . enterprise . middleware"
>>>>>
>>>>> Phone: +94 714897591

--
Lakmal Warusawithana
Vice President, Apache Stratos
Director - Cloud Architecture; WSO2 Inc.
Mobile : +94714289692
Blog : http://lakmalsview.blogspot.com/
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
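
The concern raised in this thread (one username/password duplicated in every cartridge lets any application read or override another application's metadata) and the token-based layer proposed as the fix can be sketched as follows. This is an added example, not Stratos code: HMAC-signed tokens stand in for OAuth bearer tokens, and `MetadataService`, `issue_token`, `verify_token`, the scope names and the signing key are hypothetical names and constructed values.

```python
import base64, hashlib, hmac, json, time

# Constructed demo key: held only by the token issuer and the service,
# never copied into cartridges the way the shared username/password was.
SIGNING_KEY = b"constructed-demo-key"

def _sign(body: str) -> str:
    mac = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode()

def issue_token(app_id: str, scope: str, ttl: int = 300) -> str:
    """Mint a short-lived token bound to one application id and one scope."""
    claims = {"app": app_id, "scope": scope, "exp": time.time() + ttl}
    body = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
    return f"{body}.{_sign(body)}"

def verify_token(token: str):
    """Return the claims if signature and expiry are valid, else None."""
    try:
        body, sig = token.split(".")
    except ValueError:
        return None
    # Constant-time comparison; the body is only parsed after it authenticates.
    if not hmac.compare_digest(sig.encode(), _sign(body).encode()):
        return None
    claims = json.loads(base64.urlsafe_b64decode(body))
    return claims if claims["exp"] >= time.time() else None

class MetadataService:
    """Hypothetical in-memory metadata store keyed by application id."""
    def __init__(self):
        self._store = {}

    def _authorize(self, token, app_id, scope):
        claims = verify_token(token)
        if not claims or claims["app"] != app_id or claims["scope"] != scope:
            raise PermissionError(f"token not valid for {scope} on {app_id}")

    def publish(self, token, app_id, key, value):
        self._authorize(token, app_id, "publish")
        self._store.setdefault(app_id, {})[key] = value

    def fetch(self, token, app_id):
        self._authorize(token, app_id, "fetch")
        return dict(self._store.get(app_id, {}))
```

A token issued for `fetch` on one application is rejected for another application's id and for `publish`, which covers both the read and the override concerns raised in the thread.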
